15-441 roundup. 7-layer or 4-layer dip? layering: reuse, interoperability osi 7-layer model...
TRANSCRIPT
15-441 Roundup
7-layer or 4-layer dip?
• Layering: Reuse, interoperability
• OSI 7-layer model
ApplicationApplication
PresentationPresentation
SessionSession
TransportTransport
NetworkNetwork
Data linkData link
PhysicalPhysical1
2
3
4
5
6
7
NetworkNetwork
Data linkData link
PhysicalPhysical
ApplicationApplication
PresentationPresentation
SessionSession
TransportTransport
NetworkNetwork
Data linkData link
PhysicalPhysical
OSI Functions• (1) Physical: transmission of a bit stream.• (2) Data link: flow control, framing, error
detection.• (3) Network: switching and routing.• (4) Transport: reliable end to end delivery.• (5) Session: managing logical connections.• (6) Presentation: data transformations.• (7) Application: specific uses, e.g. mail, file
transfer, telnet, network management.Multiplexing takes place in multiple layers
The TCP/IP Model
Application(plus
libraries)
Application(plus
libraries)
TCP/UDPIP/ICMP
TCP/UDPIP/ICMP
Data linkData link
PhysicalPhysical
ApplicationApplication
PresentationPresentation
SessionSession
TransportTransport
NetworkNetwork
Data linkData link
PhysicalPhysical
Layering and stacks
• Some layers - particularly in the OSI model - not so well defined
• Layer “violations” often useful for performance reasons.– Buffer management– Reduce redundant information between
headers
The lower layers - conceptsAnalog Signal
“Digital” Signal
Bit Stream 0 0 1 0 1 1 1 0 0 0 1
Packets0100010101011100101010101011101110000001111010101110101010101101011010111001
Header/Body Header/Body Header/Body
ReceiverSenderPacket
Transmission
Limits to Speed and Distance
• Noise: “random” energy is added to the signal.
• Attenuation: some of the energy in the signal leaks away.
• Dispersion: attenuation and propagation speed are frequency dependent.– Changes the shape of the signal
Effects limit the data rate that a channel can sustain.» But affects different technologies in different ways
Effects become worse with distance.» Tradeoff between data rate and distance
Why Do We Need Encoding?
• Meet certain electrical constraints.– Receiver needs enough “transitions” to keep track of the
transmit clock– Avoid receiver saturation
• Create control symbols, besides regular data symbols.
– E.g. start or end of frame, escape, ...• Error detection or error corrections.
– Some codes are illegal so receiver can detect certain classes of errors
– Minor errors can be corrected by having multiple adjacent signals mapped to the same data symbol
• Encoding can be very complex, e.g. wireless.
Encodings
• NRZ - “Non-Return to Zero”– Simple: 0 = low, 1 = high– Long runs of 0s and 1s lose synch
• NRZI - transition on 1– Long runs of 0s lose sync
• Manchester - low/high = 0, high/low = 1– Uses 2x as many transitions
• 4B/5B, etc -– Encode multiple 0s and 1s. Efficient. Used in Ethernet.
• SONET - many observations of flag pattern.
Datalink Functions• Framing: encapsulating a network layer
datagram into a bit stream.– Add header, mark and detect frame boundaries, …
• Media access: controlling which frame should be sent over the link next.
– Easy for point-to-point links; half versus full duplex– Harder for multi-access links: who gets to send?
• Error control: error detection and correction to deal with bit errors.
– May also include other reliability support, e.g. retransmission
• Flow control: avoid that the sender outruns the receiver.
CSMA/CD Algorithm
• Carrier Sense Multiple Access / with Collision Detection
• Sense for carrier.• If carrier present, wait until carrier ends.• Send packet and sense for collision.• If no collision detected, done transmitting• Otherwise, abort immediately, perform “exponential
back off” and send packet again.– Start to send at a random time picked from an interval– Length of the interval increases with every
retransmission
Collision Detection: Implications
• All nodes must be able to detect the collision.– Any node can be sender
• => Must either have short wires, long packets, or both.
• Can calculate length/distance based on transmission rate and propagation speed.– Messy: propagation speed is
media-dependent, low-level protocol details, ..
– Minimum packet size is 64 bytes• Cable length ~256 bit times
– Example: maximum coax cable length is 2.5 km
A B C
33 33
77
66
55
77
66
55
77
66
55
77
66
55
77
66
55
77
66
55
77
66
55
77
66
55
Internetworking Options
44
33
22
11
44
33
22
1111
44
33
22
11
44
33
22
1122
11 11
44
33
22
11
44
33
22
11
33
repeater Switching/bridging(e.g. 802 MAC)
router
physicaldata link
network 44
33
22
11
44
33
22
1122 22
gateway
. . .
22 22
11 11 11 11
Internetworking
• Repeaters: Physical link. One big collision / transmission domain.
• Bridges: Datalink. Can separate broadcast domains and selectively forward traffic. Transparent - preserve MAC addresses.
• Routers: Separate addressing domains. Forward through diff. MAC addresses.
IP
• CIDR - Classless Inter-Domain Routing• 192.4.16/24 == 255.255.255.0
– == 24 bits of network, 8 bits of host– Covers 192.4.16.0 - 192.4.16.255
• 192.4.16./23 == 25.255.254.0– Covers 192.4.16.0 - 192.4.17.255
• Enables more efficient use of address space through aggregation.
• Routing by longest-prefix match– /29 is “longer” (more 1s) than /24.
Routing Protocols• Intra-domain:
– RIP: Routing Information Protocol• Distance-Vector.
– Send information about table to neighbors (per-dest cost)– Count to infinity problem.
» Split horizon - Don’t advertise routes back to next-hop» Poison reverse: Advertise infinite metric to next-hop» Neither of these solves all loop problems!
– OSPF: Open Shortest Path First• Link-state.
– Flood neighbor info to entire network– Each node generates own routing table
• Fast convergence, but lots of traffic for large nets• Inter-domain:
– BGP: Border Gateway Protocol• Path-Vector. Send full AS path along with announcement.
– Solves loop problems with DV.
BGP
• Internet divided into Autonomous Systems. Each has unique #.
• Each AS sends routes with BGP• Remember: IBGP full-mesh. Why?
– No AS # to distinguish loops.
• ASes route internally with an IGP (OSPF, etc).• Some terms:
– MED (Multi-Exit Discriminator): Peers send to influence remote peer’s routing.
– Localpref: One AS configures to change routing to a peer.
AS relationships
• Transit: I pay you, you carry my traffic to anyone
• Peering: (Often) free, you carry my traffic to your customers and vise-versa.
• “Valley-free” routing– A formalization of the above.
Multicast
• A lot of multicast on project1, so• Won’t be on the final exam.
– (Aren’t you glad you came to class today?)
• Multicast today– Deployed inside organizations / etc.– Iffy if you want to use across Internet– Concepts useful! E.g., overlay multicast
Tunnels, NATs, etc
• Things to remember:• NAT - network address translator
– Lets you use private addresses inside net– May let you share one external address
• (Port-translating NAT)
– Can break end-to-end reachability & naming
• IPv6:– 128 bit address space– Cleaned up header, no fragmentation, no checksum,
fixed option processing.• For faster router processing
Cont’d.
• Tunnels - wrap packets in an extra IP header– Send indirectly– Implement overlay networks (e.g., overlay
multicast, etc.)
DNS
• The Domain Name System– Distributed name -> IP (and back) database
• Addresses returned by “A” records
– Hierarchical. Goes from the root (“.”) down. Each level can delegate an “NS” (name server) record.
• Recursive resolvers - answer a query completely. Iterative resolvers - give you the next step.
• Caching: TTL-based.
Transport & TCP
• Duties may include:– Reliability, in-order, demultiplexing,
message boundaries, congestion control– UDP (User Datagram Protocol): Just
demux & checksum. Unreliable, etc.– TCP (Transmission Conrol Protocol):
Reliable, in order byte-stream w/congestion control.
Transport Demux
• TCP & UDP both use “ports” - 16 bit #s - as demux keys
ARQ
• “Automatic Repeat Request”– (ARR would have endorsed piracy?)
• Simplest: Stop-and-Wait– Send packet, wait for response, iterate…– Slow.
• Go-back-N– Uses a window. Usually along with…
• Sliding window flow control– Use more capacity.– How to size that window? There’s the rub.
Sizing Windows
• Optimal window size: bw * rtt– Why? Capacity of the pipe, in both directions.– Must keep sending pkts until first ACK gets back
to you (one RTT).
• BW is available bw.– Must not blast traffic: Congestion Collapse
• More work -> more wasted packet retransmissions• In the limit: no useful packets get through!
• How do we find a good window size?
Congestion Control
• Fair and efficient use– Network based (ECN, etc) or end-to-end
(TCP)
• AIMD: Additive Increase, Multiplicative Decrease– Converges to fair & efficient use. Cool!– What TCP does. MD = cut by half. AI =
add one per RTT.
TCP
• Three-way Handshake: SYN / SYN-ACK / ACK.
• ISN - Initial Sequence Number– Each side picks one– TCP is byte-oriented
• Tear down with FIN (finshed)
• Signal error with RST (reset)
TCP 2
• Timeouts: Should be familiar– EWMA = Exponential Weighted Moving
Average = Low-pass filter• srtt = (alpha * srtt) + (1 - alpha) * new_sample
– Track RTT and linear deviation• Linear deviation always > std. dev
– Why? RTT variation is high under high loads because buffers fill, adding queueing delay
Pacing
• ACK clocking sends pkts out more slowly
• Avoid huge bursts (fill buffers -> loss -> bad)
• Slow Start: Get up to “operating range” quickly (exponential growth).
SACK & Enhancements
• Selective ACKnowledgements– Bitmap of received backets– Help recover from multiple losses in window
• All TCP variants need large enough window to recover from losses
• Nagel’s Algorithm: Delay briefly to coalesce small packets - one outstanding small packet.
TCP Performance
• Single link, need router buffers– 75% link utilization vs 100% link utilization– How big buffer? Conservatively, BW * RTT– There’s that number again. So common, it
can’t help but show up on the final in some form.
• Simple model:• (most ignore the constants)
32pRTT
MSSBW
×=
Queueing
• FIFO: First In, First Out– Scheduling: Who goes out when?– Fairness, etc., entirely up to end hosts
• Fair Queueing– Routers decide who gets to go (e.g., round-robin, Weighted
Fair Queueing (WFQ), etc.)
• Drop-Tail– Drop policy: drop new pkts if queue is full– Can synchronize flows
• AQM: Active Queue Management– RED - Random Early Detection
• Randomly marks (or drops) pkts before queue full
Sharing
• Max-Min Fairness– Small demands get what they want;– Large demands compromise
• GPS: Generalized Processor Sharing– Fluid model for Max-Min fairness– Accounts for packet sizes– Fair Queueing: Compute virtual completion times,
send accordingly
• Complex, per-flow state. But nice results.
QoS
• Quality of Service• Differentiate between flows
– Some get “good” service (guarantees, etc)– Some get best effort
• Application utility curves– Elastic (file xfer) vs. Inelastic (hard realtime)
• Requires admission control– Can’t over-promise!
• Token Buckets– Rate: Let average amount of traffic through– Bucket: Accommodate some burstiness
• RSVP - Resource reServVtion Protocol– Set up QoS / token bucket state at routers on path
Wireless
• Mobility– Routing solution: excess global state– Mobile IP: Triangle routing, tunneling via “home
agent” that proxies for mobile node– TCP solution: Re-bind connection– Link layer: Learning bridges
• Noisy -> losses– Link-layer retransmission (802.11)– End-to-end approach (SACK, ELN - Explicit Loss
Notification).
Wireless MAC issues
• CSMA/CD doesn’t work too well– Hard to listen while transmitting– Hidden terminal - clobber someone else– Exposed terminal - mistakenly think you’ll
clobber
• Solution: RTS / CTS– Ready To Send / Clear To Send
Ad Hoc Networks
• Routing harder: No fixed infrastructure• Protocols
– DSR - Dynamic Source Routing– AODV - Ad Hoc On-Demand Distance Vector
• Sensor Networks– Limited battery life drives everything– Multi-hop can save power (Tx power proportional
to distance squared)– Aggregation holds the big promise. Don’t do n^2
communication…
HTTP
• HyperText Transfer Protocol• Stateless request-response protocol over
TCP• Persistent HTTP: Optimizes for fewer TCP
connection setups.– Fewer slow starts, 3-way handshakes
• Caching– Expires: header, Get-If-Modified-Since request– ETags (“Entity Tags”) help identify version of
document when using cookies, etc.
Web Caching
• Proxy Caches– Client-based.
• Content Distribution Networks– Server-driven.
• Usually use DNS to send client to replica
– Mapping problem– Example: Akamai– Big benefit: Coping with flash crowds
• Much content (50%?) uncacheable– Dynamic– Unpopular
P2P
• Search techniques: Centralized (napster), broadcast (gnutella), superpeers (KaZaA), routing (Chord)
• Consistent Hashing– Goal: Don’t move all content around when # of
buckets changes slightly
• Used in Chord to do routing in log(n) hops using finger table– Points 1/2, 1/4, 1/8, … way around the ring
Security
• Private Key– E.g., DES (“Data Encryption Standard”), or newer AES
(“Advanced Encryption Standard”)– Must have a shared secret.
• Public Key– E.g., RSA, Diffie-Hellman– Can encrypt to a public key, and not read– Must have the public key. *really* slow.
• Key Distribution - big challenge!– Private: Kerberos (andrew)– Public: Certificiate Authorities (mozilla)
Security 2
• Hash functions– One-way. We hope.– Digital signature: Sign a hash of the data
• SSL - “Secure Sockets Layer”– Pre-packaged encryption/etc. routines– Now “TLS” (Transport Layer Security)– Used in HTTPS/etc.
• IPSEC - ip-layer security
Network Security
• IP model assumed “much trust”– Spoofing source IPs– DoS - “Denial of Service” attacks– DDoS - “Distributed DoS”
• - Hundreds/thousands+ of attack machines
• TCP ISN adds some protection– As long as it’s really random. :)
Firewalls!
• Filter traffic in network– Stateless - match static traffic rules– Stateful - remember more about connections
• Basic: Match src, dst, ports, flags• Expect a question about filtering to specific CIDR
blocks– Set up rules to do the right things– Create CIDR blocks to match the right ranges of IP
addresses…
• IDS = “Intrusion Detection System”– Tell you when you’ve been hacked. :) (Or who’s trying to
hack you)